| ▲ | sigmonsays 4 hours ago |
| If I run the compromised CLI, do they get all my passwords? |
|
| ▲ | bhouston 4 hours ago | parent | next [-] |
| Exactly, that could widen the blast radius of this particular compromise significantly. |
|
| ▲ | kbolino 4 hours ago | parent | prev | next [-] |
| No, at least according to Bitwarden themselves: https://community.bitwarden.com/t/bitwarden-statement-on-che... |
|
| ▲ | NeckBeardPrince 4 hours ago | parent | prev | next [-] |
| Read the article |
| |
| ▲ | valicord 4 hours ago | parent | next [-] | | Where does it answer this question in the article? | |
| ▲ | rtaylorgarlock 4 hours ago | parent | prev [-] | | kinda crazy to see this comment required in this particular context, yet here we are | | |
| ▲ | hgoel 4 hours ago | parent [-] | | It's an understandable question, the article reads like an AI generated mess. |
|
|
|
| ▲ | ErneX 4 hours ago | parent | prev [-] |
| The article explains what is extracted. |
| |
| ▲ | jeroenhd 3 hours ago | parent | next [-] | | The article waffles on forever and gives some generic advice. Meanwhile, Bitwarden themselves state that end users were almost never affected: https://community.bitwarden.com/t/bitwarden-statement-on-che... You had to install the CLI through NPM at a very short time frame for it to be affected. If you did get infected, you have to assume all secrets on your computer were accessed and that any executable file you had write access to may be backdoored. | |
| ▲ | valicord 4 hours ago | parent | prev [-] | | No it doesn't? | | |
| ▲ | ErneX 3 hours ago | parent [-] | | Yes it does, under technical analysis. I don’t want to paste it here when it’s laid out in the article… | | |
| ▲ | hgoel 3 hours ago | parent [-] | | It seems to be describing what the Checkmarx vulnerability allows to be done on a GitHub Actions runner? |
|
|
|
